Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Updates 2024

NIST Releases the C-SCRM Due Diligence Assessment Quick-Start Guide for Public Comment
October 30, 2024

Cybersecurity supply chain risk management (C-SCRM) assessments start with due diligence. Acquirers who make procurement decisions need to be informed about potential supplier risks before those decisions are executed. Consequently, many acquisition operating procedures strongly recommend or even require an assessment of a supplier’s risk prior to entering into an agreement with them.

Based on the widely adopted content in NIST Special Publication (SP) 800-161r1, this new draft Quick-Start Guide proposes an implementation-ready approach to conducting the minimum amount of investigative rigor on potential suppliers. Identifying the primary risk factors that an acquirer should consider can enable quick turnarounds with limited resources.

NIST welcomes comments on this initial public draft by December 16, 2024. Please email feedback to scrm-nist@nist.gov.

Related Topics

Security and Privacy: cybersecurity supply chain risk management, risk assessment

Activities and Products: quick-start guides

Created October 28, 2024, Updated November 05, 2024